package com.frank.framework.xss;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

import java.io.IOException;

/**
 * XSS过滤处理——过滤JSON格式的参数（application/json）,配合 WebMvcConfig 类使用
 * @author Frank
 *
 */
public class XssJsonDeserializer extends JsonDeserializer<String> {

    public XssJsonDeserializer(Class<String> string) {
        super();
    }

    @Override
    public Class<String> handledType() {
        return String.class;
    }

    @Override
    public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JsonProcessingException {
        String value = jsonParser.getValueAsString();
        if (value != null) {
            return Jsoup.clean(String.valueOf(value), Whitelist.relaxed()).trim();
        }
        return value;
    }
}
